VCU email users were alerted last week of a potential hiccup in email correspondence due to a phishing scam, but victims’ personal accounts may also be compromised.
On Friday, VCU Technology Services alerted VCU email users that the VCU email domain had been blacklisted from commercial email services. According to the alert, the blocking happened because of an increased amount of spam messages being sent from VCU email accounts.
The phishing scam was a targeted attack, said information security officer Dan Han. An email was sent to specific faculty and staff with a link. The link lead to a site that appeared to be VCU’s Central Authentication System and asked for the person’s username and password.
With that information, the attacker is able to access any VCU system that requires an eID and password including VCU’s wireless network, eServices and VCU email.
“Unfortunately we wont know whose eIDs are compromised until the eID is used to send out spam,” Han said.
Han said that VCU email users should be able to send emails to other email services with no problem once those services see a decreased amount of spam coming from the VCU domain.
According to the alert, VCU accounts had seen a “high rate” of phishing, or email scam, in the past week.
Han said that by Friday morning, Technology Services had been able to block the website and most of the spam had stopped, but there were still a few compromised accounts.
“We still had a couple of stragglers,” Han said. “I don’t think it’s quite over yet, but it is slowing down.”
In the week leading up to the block of VCU email, Han said there were usually about five to 10 instances of an account sending a spam email.
On Friday morning, Han said there had been two.
VCU Technology Services blocked the website from the VCU network, so it can’t be accessed if a person is using the university network. The block does not protect users off-campus.
“This phishing scam is a little more sophisticated than others because the web page that you went to looked like a VCU webpage,” Han said. “It is unfortunate that people fell for it and were victimized by it.”
This is not the first major intrusion into VCU accounts this school year. Last semester, the FBI became involved in an investigation when a VCU server’s security was compromised and personal information of more than 176,000 current and former members of the VCU community were said to be hacked.
At the time of the attack, VCU Technology Services said there was a low risk of any of the personal information, which included Social Security numbers, had been taken.
The most recent attack is not related to last semester’s and Han said these attacks are not necessarily specific to VCU.
“As far as the scope of the attack and the number of attacks we’ve experienced, I don’t think VCU is being singled out for anything,” he said.
Han said that most phishing attacks, like last week’s, are generally easier for attackers.
“It is so easy for attackers to exploit a person…,” he said. “It’s a lot harder to jump through a firewall than trick a person into giving you information.”
VCU Tech Services said VCU email should have been removed from most other email services’ blacklists, but advises users to wait and then resend any messages that didn’t reach the recipient.